summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorzwelch <zwelch@b42882b7-edfa-0310-969c-e2dbd0fdcd60>2009-06-13 08:38:57 +0000
committerzwelch <zwelch@b42882b7-edfa-0310-969c-e2dbd0fdcd60>2009-06-13 08:38:57 +0000
commit4f4592539d61764397257438d6914137498cbf70 (patch)
tree5eb225a96c437ce7fa2d9774f269ad8323d11d7c /doc
parent0ffbc6033346d182f37b9a8ff9fa5af8d9f0ce6a (diff)
downloadopenocd_libswd-4f4592539d61764397257438d6914137498cbf70.tar.gz
openocd_libswd-4f4592539d61764397257438d6914137498cbf70.tar.bz2
openocd_libswd-4f4592539d61764397257438d6914137498cbf70.tar.xz
openocd_libswd-4f4592539d61764397257438d6914137498cbf70.zip
David Brownell <david-b@pacbell.net>:
OpenOCD doesn't actually *need* to be keeping all TCP ports active ... creating security issues in some network configs. Instead, let config file specify e.g. "tcl_port 0" (or gdb_port, telnet_port) to disable that particular remote access method. git-svn-id: svn://svn.berlios.de/openocd/trunk@2240 b42882b7-edfa-0310-969c-e2dbd0fdcd60
Diffstat (limited to 'doc')
-rw-r--r--doc/openocd.texi10
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/openocd.texi b/doc/openocd.texi
index f6783902..d5f78b32 100644
--- a/doc/openocd.texi
+++ b/doc/openocd.texi
@@ -1422,10 +1422,17 @@ the memory read/write commands. This includes @command{nand probe}.
@cindex TCP port
@cindex server
@cindex port
+@cindex security
The OpenOCD server accepts remote commands in several syntaxes.
Each syntax uses a different TCP/IP port, which you may specify
only during configuration (before those ports are opened).
+For reasons including security, you may wish to prevent remote
+access using one or more of these ports.
+In such cases, just specify the relevant port number as zero.
+If you disable all access through TCP/IP, you will need to
+use the command line @option{-pipe} option.
+
@deffn {Command} gdb_port (number)
@cindex GDB server
Specify or query the first port used for incoming GDB connections.
@@ -1433,6 +1440,7 @@ The GDB port for the
first target will be gdb_port, the second target will listen on gdb_port + 1, and so on.
When not specified during the configuration stage,
the port @var{number} defaults to 3333.
+When specified as zero, this port is not activated.
@end deffn
@deffn {Command} tcl_port (number)
@@ -1442,6 +1450,7 @@ output from the Tcl engine.
Intended as a machine interface.
When not specified during the configuration stage,
the port @var{number} defaults to 6666.
+When specified as zero, this port is not activated.
@end deffn
@deffn {Command} telnet_port (number)
@@ -1450,6 +1459,7 @@ port on which to listen for incoming telnet connections.
This port is intended for interaction with one human through TCL commands.
When not specified during the configuration stage,
the port @var{number} defaults to 4444.
+When specified as zero, this port is not activated.
@end deffn
@anchor{GDB Configuration}